Overview
- Description
- smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name
- Microsoft Windows Privilege Escalation Vulnerability
- Exploit added on
- Mar 3, 2022
- Exploit action due
- Mar 24, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E53CDA8E-50A8-4509-B070-CCA5604FFB21"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_nt:4.0:-:*:*:terminal_server:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E30F6C9C-3371-44FF-AD0B-3CAA0AB6F1B8"
}
],
"operator": "OR"
}
]
}
]